| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-31768 | 89 | | Sql | 2022-06-06 | 2022-06-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
| 2 | CVE-2022-22413 | 89 | | Sql | 2022-05-12 | 2022-05-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022. |
| 3 | CVE-2022-22351 | 400 | | DoS | 2022-03-07 | 2022-03-18 | 7.8 | None | Remote | Low | Not required | None | None | Complete | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396. |
| 4 | CVE-2021-38945 | 434 | | | 2022-06-24 | 2022-10-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. |
| 5 | CVE-2021-29903 | 89 | | Sql | 2021-10-06 | 2021-10-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506. |
| 6 | CVE-2021-29801 | | | +Priv | 2021-08-26 | 2021-09-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977. |
| 7 | CVE-2021-29772 | 94 | | | 2021-08-26 | 2021-09-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. |
| 8 | CVE-2021-29741 | | | +Priv | 2021-08-02 | 2022-07-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478. |
| 9 | CVE-2021-29740 | 134 | | Exec Code | 2021-06-01 | 2021-06-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474. |
| 10 | CVE-2021-29707 | | | | 2021-07-19 | 2022-07-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879. |
| 11 | CVE-2021-29672 | 787 | | Exec Code Overflow | 2021-04-26 | 2022-09-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479. |
| 12 | CVE-2020-27583 | 502 | | Exec Code | 2021-01-26 | 2021-02-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | ** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| 13 | CVE-2020-7621 | 74 | | Exec Code | 2020-04-02 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary commands as part of the '_nginxCmd()' function. |
| 14 | CVE-2020-4988 | | | DoS Exec Code | 2020-12-21 | 2020-12-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute JavaScript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706. |
| 15 | CVE-2020-4979 | | | Exec Code | 2021-05-05 | 2022-05-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to compromise or spoof traffic between hosts may be able to execute arbitrary commands. IBM X-Force ID: 192538. |
| 16 | CVE-2020-4958 | 306 | | | 2021-01-21 | 2021-01-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209. |
| 17 | CVE-2020-4829 | | | +Priv | 2020-12-10 | 2021-08-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. |
| 18 | CVE-2020-4747 | 287 | | | 2020-12-15 | 2020-12-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516. |
| 19 | CVE-2020-4690 | 798 | | | 2021-09-23 | 2021-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697. |
| 20 | CVE-2020-4587 | 787 | | | 2020-08-24 | 2020-08-27 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578. |
| 21 | CVE-2020-4561 | 829 | | | 2021-06-01 | 2021-12-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903. |
| 22 | CVE-2020-4534 | 269 | | Exec Code +Priv | 2020-08-03 | 2021-07-21 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. |
| 23 | CVE-2020-4499 | 862 | | Bypass | 2020-10-15 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. |
| 24 | CVE-2020-4493 | 287 | | Bypass | 2020-10-05 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. |
| 25 | CVE-2020-4459 | 798 | | | 2020-08-04 | 2020-08-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395. |
| 26 | CVE-2020-4385 | 798 | | | 2020-07-22 | 2020-07-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. |
| 27 | CVE-2020-4347 | 269 | | | 2020-04-16 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412. |
| 28 | CVE-2020-4229 | 384 | | | 2020-06-05 | 2020-06-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211. |
| 29 | CVE-2020-4216 | 798 | | | 2020-06-15 | 2020-06-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066. |
| 30 | CVE-2020-4208 | 798 | | | 2020-03-31 | 2020-03-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975. |
| 31 | CVE-2020-4184 | 269 | | | 2021-03-15 | 2021-03-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802. |
| 32 | CVE-2020-4177 | 798 | | | 2020-06-03 | 2020-06-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732. |
| 33 | CVE-2020-4150 | 798 | | | 2022-07-11 | 2022-07-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142. |
| 34 | CVE-2019-4694 | 798 | | | 2020-08-26 | 2020-08-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832. |
| 35 | CVE-2019-4675 | 798 | | | 2020-02-04 | 2020-02-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511. |
| 36 | CVE-2019-4651 | 89 | | Sql | 2020-01-09 | 2020-01-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962. |
| 37 | CVE-2019-4575 | 89 | | Sql | 2022-06-15 | 2022-06-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. |
| 38 | CVE-2019-4558 | 74 | | | 2019-10-09 | 2019-10-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files. |
| 39 | CVE-2019-4483 | 89 | | Sql | 2019-08-20 | 2022-12-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067. |
| 40 | CVE-2019-4481 | 89 | | Sql | 2019-08-20 | 2022-12-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064. |
| 41 | CVE-2019-4357 | | | Exec Code | 2019-07-01 | 2022-12-02 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667. |
| 42 | CVE-2019-4294 | 78 | | Exec Code | 2019-08-20 | 2022-12-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. |
| 43 | CVE-2019-4267 | 119 | | Exec Code Overflow | 2019-07-22 | 2022-12-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash. IBM X-Force ID: 160200. |
| 44 | CVE-2019-4253 | | | +Priv | 2019-08-20 | 2023-02-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941. |
| 45 | CVE-2019-4227 | 384 | | | 2019-10-04 | 2022-12-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352. |
| 46 | CVE-2019-4183 | 400 | | DoS | 2019-09-17 | 2023-02-23 | 7.8 | None | Remote | Low | Not required | None | None | Complete | IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. |
| 47 | CVE-2019-4155 | | | | 2019-04-08 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544. |
| 48 | CVE-2019-4103 | | | Exec Code | 2019-06-17 | 2023-02-03 | 7.7 | None | Local Network | Low | ??? | Complete | Complete | Complete | IBM Tivoli Netcool/Impact 7.1.0 allows remote execution of commands by a low-privileged user. Remote code execution allows arbitrary code to be executed on the system, which can lead to taking control of the system. IBM X-Force ID: 158094. |
| 49 | CVE-2019-4088 | | | +Priv | 2019-07-02 | 2022-12-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511. |
| 50 | CVE-2019-4078 | 732 | | Exec Code | 2019-05-23 | 2022-12-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190. |